Laboratoires Pierre Fabre is a multinational pharmaceutical and skin cosmetics organization from Castres, France, the second-largest pharmaceutical group in France and the 2nd largest dermo-cosmetics laboratory worldwide.

The group has close to 10.000 workers all over the world, with more than 6000 in France, spread over fifty sites, including 15 main ones in France. Last year, in response to the pandemic they had to adapt and started to focus their efforts on making hydroalcoholic gels and skin lotions for hospitals to help control the spread of COVID-19.

Last week, the pharmaceutical company reported it had been the victim of a cyberattack on the night of Tuesday to Wednesday.

Even though the situation was under control in less than a day, the company had to put its system into standby mode in order to restrain the spread of the virus.

This led to the gradual, temporary stoppage of most production activities (except for the production facility in Gaillac (in the Tarn in France), which manufactures active ingredients for pharmaceuticals and cosmetic products).


Pierre Fabre Affected by REvil Ransomware Attack

When the attack occurred, the company didn’t reveal what type of attack they suffered, but according to Bleeping Computer, the pharmaceutical group was hit by a ransomware attack orchestrated by a hacking group known as REvil/Sodinokibi.

REvil, also known as Sodinokibi, is a ransomware-as-a-service (RaaS) operation that has extorted vasts sums of money from organizations worldwide over the past year.

Hackers behind RaaS operations count on other cybercriminals known as affiliates to disperse the ransomware for them. Actually, these ransomware developers earn between 20% to 30% of the illegal proceeds while the rest is going to the affiliates who obtain access to corporate networks and install the malware.

Although there is still unknown information about the attack, an important news website recently received a link for a REvil Tor payment page allegedly from the Pierre Fabre ransomware attack.

This shows the attackers initially demanded a $25 million ransom, but the ransom had doubled when the victim failed to respond.

Pierre Fabre ransom demand from the REvil gang


The chat below, meant to scare the firm into paying the ransom, shows a message from the attackers threatening to publish Pierre Fabre’s data.

REvil chat screen with a link to a hidden Pierre Fabre data leak page


Pharmaceutical Group Pierre Fabre is only one of the multiple large organizations that fell victims to Revil ransomware attacks over the past month, the most important ones being Acer with a $50 million demand and Asteelflash with a $24 million demand.

There is no further information about the Pierre Fabre Revil ransomware attack at this point, but we will keep you posted.



New REvil Ransomware Version Automatically Logs Windows into Safe Mode

Asteelflash Hit by REvil Ransomware Attack

REvil Ransomware Hacked PC Vendor Acer

Leave a Reply

Your email address will not be published. Required fields are marked *